General
Target
JaffaCakes118_2f82007c9b5d792e69074e710221b1f6
Size
10KB
Sample
250106-vh2pqasjcx
MD5
2f82007c9b5d792e69074e710221b1f6
SHA1
89f48914102c6cff10013150d8f79c31b3b7315b
SHA256
73b2e38a3dcf49abe626541ba88c22d45b00fef21c6536f083b24c611739e397
SHA512
53dff7fda8e270743ec91cff1876dce4490c2e4b33977abe58a9a987a214f77107e03f0f6582da2b82e20556ba0535cad8b503bca6ab8944c0ebff2ecd8a5d45
SSDEEP
192:L9B/5ruIwI0nAJ5oLHjP29xE11sgLjPcOAze48unfmMNEX+FOio3I/UH:L9HWBjexEAEjPcOAzj8WmMypdB
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_2f82007c9b5d792e69074e710221b1f6.js
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
JaffaCakes118_2f82007c9b5d792e69074e710221b1f6.js
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
JaffaCakes118_2f82007c9b5d792e69074e710221b1f6
Score
10/10
Vjw0rm family
Blocklisted process makes network request
Checks computer location settings: looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter: 1
JavaScript: 1
Scheduled Task/Job: 1
Scheduled Task: 1
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Scheduled Task: 1